google-agents-cli-adk-code
Warn
Audited by Snyk on Apr 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's main documentation (SKILL.md and references/adk-python.md) explicitly instructs using built-in tools that fetch public web content—e.g., load_web_page and google_search (and using curl https://adk.dev/llms.txt or external MCP/OpenAPI endpoints)—so the agent is expected to ingest and act on arbitrary third‑party webpages/search results, enabling indirect prompt injection.
Issues (1)
- MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).